Vulnerabilities

DATE | CVE | VULNERABILITY TITLE | RISK

2009-09-29 | CVE-2009-3451 | Path Traversal vulnerability in Radactive I-Load | 5.0
Directory traversal vulnerability in WebCoreModule.ashx in RADactive I-Load before 2008.2.5.0 allows remote attackers to read arbitrary files via unspecified vectors.
network | low complexity | radactive CWE-22

2009-09-29 | CVE-2009-3450 | Cross-Site Scripting vulnerability in Radactive I-Load | 4.3
Multiple cross-site scripting (XSS) vulnerabilities in WebCoreModule.ashx in RADactive I-Load before 2008.2.5.0 allow remote attackers to inject arbitrary web script or HTML via parameters with names beginning with __ (underscore underscore) sequences, which are incompatible with an XSS protection mechanism provided by Microsoft ASP.NET.
network | radactive CWE-79

2009-09-29 | CVE-2009-3449 | Unspecified vulnerability in Collectorz MP3 Collector 2.3 | 4.3
MP3 Collector 2.3 allows remote attackers to cause a denial of service (application crash) via a long URL in a .m3u playlist file.
network | collectorz

2009-09-29 | CVE-2009-3447 | Race Condition vulnerability in Radactive I-Load | 6.8
Unrestricted file upload vulnerability in RADactive I-Load before 2008.2.5.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, and then sending a request for a predictable filename during a short time window.
network | radactive CWE-362

2009-09-28 | CVE-2009-3446 | SQL Injection vulnerability in Rick Estrada COM Mytube 1.0Beta | 7.5
SQL injection vulnerability in the MyRemote Video Gallery (com_mytube) component 1.0 Beta for Joomla! allows remote attackers to execute arbitrary SQL commands via the user_id parameter in a videos action to index.php.
network | low complexity | rick-estrada joomla CWE-89

2009-09-28 | CVE-2009-3445 | Remote Denial Of Service vulnerability in Code-Crafters Ability Mail Server IMAP FETCH Request | 5.0
Unspecified vulnerability in Code-Crafters Ability Mail Server before 2.70 allows remote attackers to cause a denial of service (daemon crash) via an IMAP4 FETCH command.
network | low complexity | code-crafters

2009-09-28 | CVE-2009-3444 | Cross-Site Scripting vulnerability in E107 | 4.3
Cross-site scripting (XSS) vulnerability in email.php in e107 0.7.16 and earlier allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header in a news.1 (aka news to email) action.
network | e107 CWE-79

2009-09-28 | CVE-2009-3443 | SQL Injection vulnerability in Fastballproductions COM Fastball 1.1.0/1.2 | 7.5
SQL injection vulnerability in the Fastball (com_fastball) component 1.1.0 through 1.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the league parameter to index.php.
network | low complexity | fastballproductions joomla CWE-89

2009-09-28 | CVE-2009-3442 | Permissions, Privileges, and Access Controls vulnerability in Ariel Barreiro Meta Tags | 5.0
The Meta tags (aka Nodewords) module before 6.x-1.1 for Drupal does not properly follow permissions during assignment of node meta tags, which allows remote attackers to obtain sensitive information via unspecified vectors.
network | low complexity | drupal ariel-barreiro CWE-264

2009-09-28 | CVE-2009-3441 | Improper Authentication vulnerability in Alienvault Ossim 1.0.4/1.0.6 | 5.0
Open Source Security Information Management (OSSIM) before 2.1.2 allows remote attackers to bypass authentication, and read graphs or infrastructure information, via a direct request to (1) graphs/alarms_events.php or (2) host/draw_tree.php.
network | low complexity | alienvault CWE-287